こんにちは TAG-さん!

I'm requesting an early TAG design review of Private Proof API.

This API uses Zero-Knowledge Proofs (ZKPs) to allow analysis of potentially identifiable signals while providing only a limited verdict output. For example, it empowers anti-fraud services to verify whether a user possesses an unmodified stored timestamp older than some provided timestamp without disclosing any additional user data. This approach strikes a balance between user privacy and anti-fraud capabilities by enabling websites to request a reputation signal (such as profile age) on which the user agent can enforce meaningful privacy constraints, while making the signal useful enough to remove the need for other burdensome or invasive checks, and allowing the user to clear said signal at will.

• Explainer: https://explainers-by-googlers.github.io/private-proof/
• Security and Privacy self-review: https://explainers-by-googlers.github.io/private-proof/security-privacy-questionnaire
• GitHub repo: https://github.com/explainers-by-googlers/private-proof
• Primary contacts:
  • @arichiv, Google Chrome, Author
  • @SamuelSchlesinger, Google Chrome, Author
  • @philippp, Google Chrome, Author
• Organization/project driving the design: Google Chrome
• Multi-stakeholder feedback³:
  • Chromium comments: https://groups.google.com/a/chromium.org/g/blink-dev/c/JrJwSd43hGM, https://issues.chromium.org/404546887, https://chromestatus.com/feature/4848107667587072
  • Mozilla comments: https://github.com/mozilla/standards-positions/issues/1196
  • WebKit comments: https://github.com/WebKit/standards-positions/issues/473

Further details:

• I have reviewed the TAG's Web Platform Design Principles
• The group where the incubation/design work on this is being done (or is intended to be done in the future): Anti-Fraud CG
• The group where standardization of this work is intended to be done ("unknown" if not known): Anti-Fraud CG
• This work is being funded by: Google Chrome